|
561
|
8.1 |
HIGH
Network
|
-
|
-
|
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the atta…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7647
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
562
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMu…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7605
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
563
|
8.8 |
HIGH
Network
|
-
|
-
|
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via…
Update
|
CWE-94
Code Injection
|
CVE-2026-2052
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
564
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escapi…
Update
|
CWE-89
SQL Injection
|
CVE-2026-6457
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
565
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-4650
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
566
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql i…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7612
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
567
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. …
Update
|
CWE-22
Path Traversal
|
CVE-2026-7627
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
568
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user …
Update
|
CWE-89
SQL Injection
|
CVE-2026-4060
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
569
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook …
Update
|
CWE-89
SQL Injection
|
CVE-2026-4061
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
570
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_svg' parameter in versions up to, and inclu…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-4790
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
